TLS fails on imaps port
Andrew Morgan
morgan at orst.edu
Mon Jan 25 12:28:30 EST 2010
On Sat, 23 Jan 2010, Bob Dye wrote:
> I'm running Cyrus-imapd 2.3.7 on a Redhat Enterprise Linux 5 system.
>
> TLS works fine if I connect to the imap port (143). If I try to connect
> instead via the imaps port (993), the attempt times out and I get the
> following in the log:
>
> imaps[27170]: imaps TLS negotiation failed: [xx.xx.xx.xx]
> imaps[27170]: Fatal error: tls_start_servertls() failed
>
> Any ideas?
Try the command line openssl client and see if it can negotiate SSL/TLS.
Something like this:
openssl s_client -connect your_server_dns_name:993 -CApath /etc/ssl/certs
CApath should be the path to your local CA certificates directory,
/etc/ssl/certs on Debian Linux. You could also add -debug to get a hex
dump of the traffic.
Can you post your imapd.conf file (sanitized)?
Andy
More information about the Info-cyrus
mailing list